Merge pull request ua-parser#22 from kevinlondon/master

elsigh · elsigh · commit 33c2bdf9683a · 2015-10-01T10:42:46.000-07:00
Switch from yaml.load to yaml.safe_load for security
diff --git a/setup.py b/setup.py
@@ -20,7 +20,7 @@ def install_regexes():
     import json
     import yaml
     json_dest = yaml_dest.replace('.yaml', '.json')
-    regexes = yaml.load(open(yaml_dest))
+    regexes = yaml.safe_load(open(yaml_dest))
     with open(json_dest, "w") as f:
         json.dump(regexes, f)
 
diff --git a/ua_parser/user_agent_parser.py b/ua_parser/user_agent_parser.py
@@ -169,7 +169,7 @@ def _repl(m):
           if index < len(group):
             return group[index]
           return ''
-          
+
         _string = re.sub(r'\$(\d)', _repl, string)
         _string = re.sub(r'^\s+|\s+$', '', _string)
         if _string == '':
@@ -179,7 +179,7 @@ def _repl(m):
     def Parse(self, user_agent_string):
         device, brand, model = None, None, None
         match = self.user_agent_re.search(user_agent_string)
-        if match:            
+        if match:
             if self.device_replacement:
                 device = self.MultiReplace(self.device_replacement, match)
             else:
@@ -442,9 +442,9 @@ def GetFilters(user_agent_string, js_user_agent_string=None,
 else:
     import yaml
 
-    yamlFile = open(UA_PARSER_YAML)
-    regexes = yaml.load(yamlFile)
-    yamlFile.close()
+    with open(UA_PARSER_YAML) as yamlFile:
+        regexes = yaml.safe_load(yamlFile)
+
 
 # If UA_PARSER_YAML is not specified, load regexes from regexes.json before
 # falling back to yaml format
@@ -458,7 +458,7 @@ def GetFilters(user_agent_string, js_user_agent_string=None,
         import yaml
 
         with open(yamlPath) as fp:
-            regexes = yaml.load(fp)
+            regexes = yaml.safe_load(fp)
 
 
 USER_AGENT_PARSERS = []
